Cheval de troie

maracana -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour,

Ce poste est un appel a l'aide,je suis infecté de virus. Quelqu'un pourrait t'il m'indiqué ce que je dois fixer dans ce rapport de hijackthis,merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:25, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\WIRELE~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BD126C7-CBBF-4E86-9A99-2B7F79B8C7A5}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BD126C7-CBBF-4E86-9A99-2B7F79B8C7A5}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: Office Source Engine (ose) - Funk Software, Inc. - (no file)

--
End of file - 10252 bytes
Configuration: Windows XP
Internet Explorer 7.0

13 réponses

  1. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    tu es infecté
    Télécharge SDFix d’ Andy Manchesta sur ton bureau
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    clic double sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Comment aller en Mode sans échec lettre C
    https://forum.pcastuces.com/sujet.asp?f=25&s=3902
    1) Redémarre ton ordi
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisi la première option : Sans Échec, et valide avec "Entrée"
    5) Choisi ton compte régulier, et non Administrateur

    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et clic double sur RunThis.bat
    Appuie sur Y pour commencer le nettoyage.
    Il va supprimer les services et les entrées du Registre infectés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, poste le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,
    1
  2. Vyger Messages postés 364 Date d'inscription   Statut Membre Dernière intervention   47
     
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Office Source Engine (ose) - Funk Software, Inc. - (no file)

    023 est suspect, porte ouverte au trojans et virus...

    fixe 'fixe checked", reboot en mode sans echec et scan antispyware (spybotSD) et ton antivirus
    redemarre et repost un log

    a+

    0
  3. maracana
     
    Bonjour,

    J'ai fait ce que tu m'as dit viger. Et apres tout ça mon antivirus détecte deux virus au redémraaage:
    C:\DOCUME~1\Amaury\LOCALS~1\Temp\gjeeyvun.dll
    C:\DOCUME~1\Amaury\LOCALS~1\Temp\ncdtfwis.dll
    qui correspondent à Win32:TratBHO [Trj].

    voici le nouveau log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:13:08, on 13/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\WIRELE~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BD126C7-CBBF-4E86-9A99-2B7F79B8C7A5}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BD126C7-CBBF-4E86-9A99-2B7F79B8C7A5}: NameServer = 212.27.54.252,212.27.53.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
    O23 - Service: Office Source Engine (ose) - Funk Software, Inc. - (no file)
    0
  4. maracana
     
    Pour papyber

    voici le rapport:

    SDFix: Version 1.142

    Run by Amaury on 13/02/2008 at 18:27

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\Amaury\Bureau\f-vmonde\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Folder C:\Program Files\Insider - Removed

    Removing Temp Files...

    ADS Check:

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 18:42:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,4a,1e,32,1e,dd,ec,57,8d,2e,72,7e,3e,8c,7b,6b,8a,42,..
    "hj34z0"=hex:30,1e,ba,03,91,2e,68,4a,81,27,7c,fe,d6,84,fc,0b,06,0f,a8,2b,50,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 391

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Amaury\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Amaury\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopAdver"
    "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
    "C:\\Program Files\\HomePlayer1.5.0.2\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5.0.2\\HomePlayer.exe:*:Enabled:HomePlayer"
    "C:\\Program Files\\PpStream Fr\\PPStream.exe"="C:\\Program Files\\PpStream Fr\\PPStream.exe:*:Enabled:PPStream.exe"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
    "C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\\TFPTools3_0\\VLC\\vlc.exe"="C:\\TFPTools3_0\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\TFPTools3_0\\TFPTools.exe"="C:\\TFPTools3_0\\TFPTools.exe:*:Enabled:TFPTools"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Wed 2 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 16 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a2180e39176e52eb6ee31f3dab112b6e\BIT1.tmp"
    Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT1.tmp"
    Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cfbcb3a3d65e5711f4e0a6b970ad92ef\BIT2.tmp"

    Finished!
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    où en es tu?
    poste un rapport hijack this
    0
  7. maracana
     
    Bonsoir Papyber,

    Comme je te disais précedemment,

    J'ai fait ce que tu m'as dit viger. Et apres tout ça mon antivirus détecte deux virus au redémraaage:
    C:\DOCUME~1\Amaury\LOCALS~1\Temp\gjeeyvun.dll
    C:\DOCUME~1\Amaury\LOCALS~1\Temp\ncdtfwis.dll
    qui correspondent à Win32:TratBHO [Trj].

    Ensuite je suis alle sur le post http://www.commentcamarche.net/forum/affich 4549845 comment supprimer le virus win32 tratbho
    en faisant plus ou moins les démarches décristes dans le post. Ca va nettement mieux mais il me semble que je peux encore faire du vide sur la base de registre. Voici le rapport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:58:48, on 14/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {3E148F86-07D9-479B-9C66-F58C5B770522} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: (no name) - {43408E72-84F2-4489-9717-1F40287F66AA} - C:\WINDOWS\system32\ljhhe.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AB76A837-492E-4792-8ABD-0EBBEE3775F0} - C:\WINDOWS\system32\urspn.dll (file missing)
    O2 - BHO: (no name) - {DA00CDCA-56BB-4171-8101-B4230DCB73A8} - C:\WINDOWS\system32\xxwvu.dll (file missing)
    O2 - BHO: (no name) - {E60729E8-D1B8-4F6D-AF3A-BFEDFA60D5C5} - C:\WINDOWS\system32\hgday.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\WIRELE~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BD126C7-CBBF-4E86-9A99-2B7F79B8C7A5}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BD126C7-CBBF-4E86-9A99-2B7F79B8C7A5}: NameServer = 212.27.54.252,212.27.53.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
    O23 - Service: Office Source Engine (ose) - Funk Software, Inc. - (no file)
    0
  8. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    ce qui serait bon, c'est que tu postes les rapports des outils que tu as passés afin de vérifier s'il y a ou pas des restes d'infection

    lance hijack this pour un scan et coche les lignes suivantes
    O2 - BHO: (no name) - {3E148F86-07D9-479B-9C66-F58C5B770522} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: (no name) - {43408E72-84F2-4489-9717-1F40287F66AA} - C:\WINDOWS\system32\ljhhe.dll (file missing)
    O2 - BHO: (no name) - {AB76A837-492E-4792-8ABD-0EBBEE3775F0} - C:\WINDOWS\system32\urspn.dll (file missing)
    O2 - BHO: (no name) - {DA00CDCA-56BB-4171-8101-B4230DCB73A8} - C:\WINDOWS\system32\xxwvu.dll (file missing)
    O2 - BHO: (no name) - {E60729E8-D1B8-4F6D-AF3A-BFEDFA60D5C5} - C:\WINDOWS\system32\hgday.dll (file missing)

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') NT
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') T
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab

    ferme toutes tes fenêtres y compris internet et clique sur fix checked

    0
  9. maracana
     
    J'ai passé VirtumundoBegone.exe, voici le rapport:

    [02/13/2008, 20:31:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Amaury\Bureau\VirtumundoBeGone.exe" )
    [02/13/2008, 20:31:52] - Detected System Information:
    [02/13/2008, 20:31:52] - Windows Version: 5.1.2600, Service Pack 2
    [02/13/2008, 20:31:52] - Current Username: Amaury (Admin)
    [02/13/2008, 20:31:52] - Windows is in NORMAL mode.
    [02/13/2008, 20:31:52] - Searching for Browser Helper Objects:
    [02/13/2008, 20:31:52] - BHO 1: {0498FB38-C644-46D9-A891-2001C28F866C} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - Checking for HKLM\...\Winlogon\Notify\ursqq
    [02/13/2008, 20:31:52] - Key not found: HKLM\...\Winlogon\Notify\ursqq, continuing.
    [02/13/2008, 20:31:52] - BHO 2: {3E148F86-07D9-479B-9C66-F58C5B770522} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - Checking for HKLM\...\Winlogon\Notify\awtss
    [02/13/2008, 20:31:52] - Key not found: HKLM\...\Winlogon\Notify\awtss, continuing.
    [02/13/2008, 20:31:52] - BHO 3: {43408E72-84F2-4489-9717-1F40287F66AA} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - Checking for HKLM\...\Winlogon\Notify\ljhhe
    [02/13/2008, 20:31:52] - Key not found: HKLM\...\Winlogon\Notify\ljhhe, continuing.
    [02/13/2008, 20:31:52] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

    J'ai passé SDfix dont voici le scan:

    SDFix: Version 1.142

    Run by Amaury on 13/02/2008 at 18:27

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\Amaury\Bureau\f-vmonde\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Folder C:\Program Files\Insider - Removed

    Removing Temp Files...

    ADS Check:

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 18:42:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,4a,1e,32,1e,dd,ec,57,8d,2e,72,7e,3e,8c,7b,6b,8a,42,..
    "hj34z0"=hex:30,1e,ba,03,91,2e,68,4a,81,27,7c,fe,d6,84,fc,0b,06,0f,a8,2b,50,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 391

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Amaury\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Amaury\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopAdver"
    "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
    "C:\\Program Files\\HomePlayer1.5.0.2\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5.0.2\\HomePlayer.exe:*:Enabled:HomePlayer"
    "C:\\Program Files\\PpStream Fr\\PPStream.exe"="C:\\Program Files\\PpStream Fr\\PPStream.exe:*:Enabled:PPStream.exe"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
    "C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\\TFPTools3_0\\VLC\\vlc.exe"="C:\\TFPTools3_0\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\TFPTools3_0\\TFPTools.exe"="C:\\TFPTools3_0\\TFPTools.exe:*:Enabled:TFPTools"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Wed 2 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 16 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a2180e39176e52eb6ee31f3dab112b6e\BIT1.tmp"
    Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT1.tmp"
    Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cfbcb3a3d65e5711f4e0a6b970ad92ef\BIT2.tmp"

    Finished!

    J'ai passé combofix dont voici le rapport:

    2004-08-05 13:00 132096 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
    2004-10-28 02:23 728576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
    2008-02-08 21:18 405125 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sstwa.ini.vir
    2008-02-08 21:19 405185 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sstwa.ini2.vir
    2008-02-09 13:17 406824 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvwxx.ini2.vir
    2008-02-09 13:17 407470 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvwxx.ini.vir
    2008-02-09 16:05 398602 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\npsru.ini2.vir
    2008-02-09 16:07 398602 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\npsru.ini.vir
    2008-02-11 22:21 419471 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ehhjl.ini2.vir
    2008-02-11 22:23 419566 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ehhjl.ini.vir
    2008-02-13 04:54 312438 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yadgh.ini2.vir
    2008-02-13 04:57 312438 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yadgh.ini.vir
    2008-02-13 05:04 334336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ursqq.dll.vir
    2008-02-13 21:04 316254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qqsru.ini2.vir
    2008-02-13 21:05 316254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qqsru.ini.vir
    2008-02-13 21:06 152 --a------ C:\Qoobox\Quarantine\catchme.log
    2008-02-13 21:06 295177 --a------ C:\Qoobox\Quarantine\catchme2008-02-13_210939.98.zip

    et j'ai passé msn fix mais je retrouve plus le rapport.

    Je peux voir avec les rapports que j'étais beaucoup infecté. Mais pas assez expert.
    [02/13/2008, 20:31:52] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/13/2008, 20:31:52] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - No filename found. Continuing.
    [02/13/2008, 20:31:52] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [02/13/2008, 20:31:52] - BHO 8: {AB76A837-492E-4792-8ABD-0EBBEE3775F0} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - Checking for HKLM\...\Winlogon\Notify\urspn
    [02/13/2008, 20:31:52] - Key not found: HKLM\...\Winlogon\Notify\urspn, continuing.
    [02/13/2008, 20:31:52] - BHO 9: {DA00CDCA-56BB-4171-8101-B4230DCB73A8} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - Checking for HKLM\...\Winlogon\Notify\xxwvu
    [02/13/2008, 20:31:52] - Key not found: HKLM\...\Winlogon\Notify\xxwvu, continuing.
    [02/13/2008, 20:31:52] - BHO 10: {E0EA1F31-B58F-47E8-A185-20C52DF9F168} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - Checking for HKLM\...\Winlogon\Notify\efcddaw
    [02/13/2008, 20:31:52] - Found: HKLM\...\Winlogon\Notify\efcddaw - This is probably Virtumundo.
    [02/13/2008, 20:31:52] - Assigning {E0EA1F31-B58F-47E8-A185-20C52DF9F168} MSEvents Object
    [02/13/2008, 20:31:52] - BHO list has been changed! Starting over...
    [02/13/2008, 20:31:52] - BHO 1: {0498FB38-C644-46D9-A891-2001C28F866C} ()
    [02/13/2008, 20:31:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:52] - Checking for HKLM\...\Winlogon\Notify\ursqq
    [02/13/2008, 20:31:53] - Key not found: HKLM\...\Winlogon\Notify\ursqq, continuing.
    [02/13/2008, 20:31:53] - BHO 2: {3E148F86-07D9-479B-9C66-F58C5B770522} ()
    [02/13/2008, 20:31:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:53] - Checking for HKLM\...\Winlogon\Notify\awtss
    [02/13/2008, 20:31:53] - Key not found: HKLM\...\Winlogon\Notify\awtss, continuing.
    [02/13/2008, 20:31:53] - BHO 3: {43408E72-84F2-4489-9717-1F40287F66AA} ()
    [02/13/2008, 20:31:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:53] - Checking for HKLM\...\Winlogon\Notify\ljhhe
    [02/13/2008, 20:31:53] - Key not found: HKLM\...\Winlogon\Notify\ljhhe, continuing.
    [02/13/2008, 20:31:53] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [02/13/2008, 20:31:53] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/13/2008, 20:31:53] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [02/13/2008, 20:31:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:53] - No filename found. Continuing.
    [02/13/2008, 20:31:53] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [02/13/2008, 20:31:53] - BHO 8: {AB76A837-492E-4792-8ABD-0EBBEE3775F0} ()
    [02/13/2008, 20:31:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:53] - Checking for HKLM\...\Winlogon\Notify\urspn
    [02/13/2008, 20:31:53] - Key not found: HKLM\...\Winlogon\Notify\urspn, continuing.
    [02/13/2008, 20:31:53] - BHO 9: {DA00CDCA-56BB-4171-8101-B4230DCB73A8} ()
    [02/13/2008, 20:31:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:53] - Checking for HKLM\...\Winlogon\Notify\xxwvu
    [02/13/2008, 20:31:53] - Key not found: HKLM\...\Winlogon\Notify\xxwvu, continuing.
    [02/13/2008, 20:31:54] - BHO 10: {E0EA1F31-B58F-47E8-A185-20C52DF9F168} (MSEvents Object)
    [02/13/2008, 20:31:54] - ALERT: Found MSEvents Object!
    [02/13/2008, 20:31:54] - BHO 11: {E60729E8-D1B8-4F6D-AF3A-BFEDFA60D5C5} ()
    [02/13/2008, 20:31:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:54] - Checking for HKLM\...\Winlogon\Notify\hgday
    [02/13/2008, 20:31:54] - Key not found: HKLM\...\Winlogon\Notify\hgday, continuing.
    [02/13/2008, 20:31:54] - Finished Searching Browser Helper Objects
    [02/13/2008, 20:31:54] - *** Detected MSEvents Object
    [02/13/2008, 20:31:54] - Trying to remove MSEvents Object...
    [02/13/2008, 20:31:55] - Terminating Process: IEXPLORE.EXE
    [02/13/2008, 20:31:55] - Terminating Process: RUNDLL32.EXE
    [02/13/2008, 20:31:55] - Disabling Automatic Shell Restart
    [02/13/2008, 20:31:55] - Terminating Process: EXPLORER.EXE
    [02/13/2008, 20:31:56] - Suspending the NT Session Manager System Service
    [02/13/2008, 20:31:56] - Terminating Windows NT Logon/Logoff Manager
    [02/13/2008, 20:31:56] - Re-enabling Automatic Shell Restart
    [02/13/2008, 20:31:56] - File to disable: C:\WINDOWS\system32\efcddaw.dll
    [02/13/2008, 20:31:56] - Renaming C:\WINDOWS\system32\efcddaw.dll -> C:\WINDOWS\system32\efcddaw.dll.vir
    [02/13/2008, 20:31:57] - File successfully renamed!
    [02/13/2008, 20:31:57] - Removing HKLM\...\Browser Helper Objects\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}
    [02/13/2008, 20:31:58] - Removing HKCR\CLSID\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}
    [02/13/2008, 20:31:58] - Adding Kill Bit for ActiveX for GUID: {E0EA1F31-B58F-47E8-A185-20C52DF9F168}
    [02/13/2008, 20:31:58] - Deleting ATLEvents/MSEvents Registry entries
    [02/13/2008, 20:31:58] - Removing HKLM\...\Winlogon\Notify\efcddaw
    [02/13/2008, 20:31:58] - Searching for Browser Helper Objects:
    [02/13/2008, 20:31:58] - BHO 1: {0498FB38-C644-46D9-A891-2001C28F866C} ()
    [02/13/2008, 20:31:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:58] - Checking for HKLM\...\Winlogon\Notify\ursqq
    [02/13/2008, 20:31:58] - Key not found: HKLM\...\Winlogon\Notify\ursqq, continuing.
    [02/13/2008, 20:31:58] - BHO 2: {3E148F86-07D9-479B-9C66-F58C5B770522} ()
    [02/13/2008, 20:31:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:58] - Checking for HKLM\...\Winlogon\Notify\awtss
    [02/13/2008, 20:31:58] - Key not found: HKLM\...\Winlogon\Notify\awtss, continuing.
    [02/13/2008, 20:31:58] - BHO 3: {43408E72-84F2-4489-9717-1F40287F66AA} ()
    [02/13/2008, 20:31:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:59] - Checking for HKLM\...\Winlogon\Notify\ljhhe
    [02/13/2008, 20:31:59] - Key not found: HKLM\...\Winlogon\Notify\ljhhe, continuing.
    [02/13/2008, 20:31:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [02/13/2008, 20:31:59] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/13/2008, 20:31:59] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [02/13/2008, 20:31:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:59] - No filename found. Continuing.
    [02/13/2008, 20:31:59] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [02/13/2008, 20:31:59] - BHO 8: {AB76A837-492E-4792-8ABD-0EBBEE3775F0} ()
    [02/13/2008, 20:31:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:59] - Checking for HKLM\...\Winlogon\Notify\urspn
    [02/13/2008, 20:31:59] - Key not found: HKLM\...\Winlogon\Notify\urspn, continuing.
    [02/13/2008, 20:31:59] - BHO 9: {DA00CDCA-56BB-4171-8101-B4230DCB73A8} ()
    [02/13/2008, 20:31:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:59] - Checking for HKLM\...\Winlogon\Notify\xxwvu
    [02/13/2008, 20:31:59] - Key not found: HKLM\...\Winlogon\Notify\xxwvu, continuing.
    [02/13/2008, 20:31:59] - BHO 10: {E60729E8-D1B8-4F6D-AF3A-BFEDFA60D5C5} ()
    [02/13/2008, 20:31:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:31:59] - Checking for HKLM\...\Winlogon\Notify\hgday
    [02/13/2008, 20:31:59] - Key not found: HKLM\...\Winlogon\Notify\hgday, continuing.
    [02/13/2008, 20:31:59] - Finished Searching Browser Helper Objects
    [02/13/2008, 20:31:59] - Finishing up...
    [02/13/2008, 20:31:59] - A restart is needed.
    [02/13/2008, 20:32:02] - Attempting to Restart via STOP error (Blue Screen!)

    [02/13/2008, 20:42:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Amaury\Bureau\VirtumundoBeGone.exe" )
    [02/13/2008, 20:42:47] - Detected System Information:
    [02/13/2008, 20:42:47] - Windows Version: 5.1.2600, Service Pack 2
    [02/13/2008, 20:42:47] - Current Username: Amaury (Admin)
    [02/13/2008, 20:42:47] - Windows is in NORMAL mode.
    [02/13/2008, 20:42:47] - Searching for Browser Helper Objects:
    [02/13/2008, 20:42:47] - BHO 1: {3E148F86-07D9-479B-9C66-F58C5B770522} ()
    [02/13/2008, 20:42:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:42:48] - Checking for HKLM\...\Winlogon\Notify\awtss
    [02/13/2008, 20:42:48] - Key not found: HKLM\...\Winlogon\Notify\awtss, continuing.
    [02/13/2008, 20:42:48] - BHO 2: {43408E72-84F2-4489-9717-1F40287F66AA} ()
    [02/13/2008, 20:42:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:42:48] - Checking for HKLM\...\Winlogon\Notify\ljhhe
    [02/13/2008, 20:42:48] - Key not found: HKLM\...\Winlogon\Notify\ljhhe, continuing.
    [02/13/2008, 20:42:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [02/13/2008, 20:42:48] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/13/2008, 20:42:48] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [02/13/2008, 20:42:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:42:48] - No filename found. Continuing.
    [02/13/2008, 20:42:48] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [02/13/2008, 20:42:48] - BHO 7: {AB76A837-492E-4792-8ABD-0EBBEE3775F0} ()
    [02/13/2008, 20:42:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:42:48] - Checking for HKLM\...\Winlogon\Notify\urspn
    [02/13/2008, 20:42:48] - Key not found: HKLM\...\Winlogon\Notify\urspn, continuing.
    [02/13/2008, 20:42:48] - BHO 8: {C0084558-1EF1-4220-AEF5-6C0DBEA82C6A} ()
    [02/13/2008, 20:42:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:42:48] - Checking for HKLM\...\Winlogon\Notify\ursqq
    [02/13/2008, 20:42:48] - Key not found: HKLM\...\Winlogon\Notify\ursqq, continuing.
    [02/13/2008, 20:42:48] - BHO 9: {DA00CDCA-56BB-4171-8101-B4230DCB73A8} ()
    [02/13/2008, 20:42:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:42:48] - Checking for HKLM\...\Winlogon\Notify\xxwvu
    [02/13/2008, 20:42:48] - Key not found: HKLM\...\Winlogon\Notify\xxwvu, continuing.
    [02/13/2008, 20:42:48] - BHO 10: {E60729E8-D1B8-4F6D-AF3A-BFEDFA60D5C5} ()
    [02/13/2008, 20:42:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/13/2008, 20:42:48] - Checking for HKLM\...\Winlogon\Notify\hgday
    [02/13/2008, 20:42:48] - Key not found: HKLM\...\Winlogon\Notify\hgday, continuing.
    [02/13/2008, 20:42:48] - Finished Searching Browser Helper Objects
    [02/13/2008, 20:42:48] - Finishing up...
    [02/13/2008, 20:42:48] - Nothing found! Exiting...
    0
  10. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    ok
    tu vas supprimer ces programmes, tous

    ensuite tu télécharges à nouveau Combofix, il faut toujours la toute dernière version, et tu scannes ton PC
    Télécharge combofix.exe (par sUBs) sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    désactive ton antivirus, antispyware, et Spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite.
    Double clique combofix.exe.
    Tape sur la touche Y (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    c'est ce rapport que je veux, complet, afin de voir s'il reste ou pas quelque chose

    0
  11. maracana
     
    Bonsoir Papyber,

    Voici le rapport:

    ComboFix 08-02-16.2 - Amaury 2008-02-16 0:26:08.2 - NTFSx86
    Endroit: C:\Documents and Settings\Amaury\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-14 21:44 . 2008-02-14 21:44 <REP> d-------- C:\Program Files\Avira
    2008-02-14 21:44 . 2008-02-14 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-13 18:22 . 2008-02-13 18:23 <REP> d-------- C:\WINDOWS\ERUNT
    2008-02-12 21:54 . 2008-02-12 21:54 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-11 23:07 . 2008-02-12 19:28 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-02-11 20:28 . 2008-02-11 21:35 <REP> d-------- C:\Program Files\RegCleaner
    2008-02-11 19:53 . 2008-02-11 20:11 <REP> d-------- C:\Documents and Settings\Amaury\Application Data\RegClean
    2008-02-11 19:52 . 2008-02-11 20:19 <REP> d-------- C:\Program Files\RegClean
    2008-02-11 01:25 . 2008-02-11 01:25 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-11 01:25 . 2008-02-11 01:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-11 01:22 . 2008-02-11 01:22 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-08 21:21 . 2008-02-08 21:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-08 20:34 . 2008-02-10 21:23 <REP> d-------- C:\Documents and Settings\Amaury\Application Data\PrevxCSI
    2008-02-08 17:13 . 2008-02-08 17:10 36,053,585 --a------ C:\WINDOWS\LPT$VPN.987
    2008-02-08 17:10 . 2008-02-08 17:10 36,053,585 --a------ C:\WINDOWS\VPTNFILE.987
    2008-02-08 17:09 . 2008-02-08 17:11 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-07 22:22 . 2008-02-07 22:22 38,400 --a------ C:\WINDOWS\system32\efcddaw.dll.vir
    2008-02-05 18:52 . 2008-02-05 18:52 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-02-05 18:45 . 2008-02-05 19:35 <REP> d-------- C:\Documents and Settings\Amaury\Application Data\Sports Interactive
    2008-02-05 18:34 . 2008-02-05 18:34 <REP> dr-h----- C:\Documents and Settings\Amaury\Application Data\SecuROM
    2008-02-05 18:34 . 2008-02-05 18:34 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-02-04 21:27 . 2008-02-04 21:27 <REP> d-------- C:\Program Files\TurnTool
    2008-01-30 20:36 . 2008-01-30 20:36 <REP> d-------- C:\Program Files\TVAnts
    2008-01-25 20:41 . 2008-01-25 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-24 20:13 . 2008-01-24 20:13 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-15 17:27 --------- d-----w C:\Program Files\HomePlayer1.5.3.1
    2008-02-14 20:36 --------- d-----w C:\Documents and Settings\Amaury\Application Data\The Bat!
    2008-02-08 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-08 16:11 267,845 ----a-w C:\WINDOWS\tsc.exe
    2008-02-08 16:10 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2008-02-08 16:10 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-02-08 16:10 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2008-02-08 15:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-06 17:02 --------- d-----w C:\Program Files\LIVEUPDATE
    2008-02-05 18:28 --------- d-----w C:\Program Files\eMule
    2008-02-03 21:02 --------- d-----w C:\Program Files\PokerStars
    2008-01-30 20:53 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-01-30 20:53 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2008-01-28 18:50 --------- d-----w C:\Program Files\Nikon
    2008-01-25 19:41 --------- d-----w C:\Program Files\Windows Live
    2008-01-25 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-25 18:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-25 18:43 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-20 22:12 --------- d-----w C:\Documents and Settings\Amaury\Application Data\Skype
    2008-01-14 22:22 --------- d-----w C:\Documents and Settings\Amaury\Application Data\ABBYY
    2008-01-14 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ABBYY
    2008-01-09 18:02 --------- d-----w C:\Documents and Settings\Amaury\Application Data\Microgaming
    2007-12-28 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-17 18:14 --------- d-----w C:\Program Files\SopCast
    2007-12-17 18:13 --------- d-----w C:\Documents and Settings\Amaury\Application Data\SopCast
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 09:32 94208]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 09:29 77824]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 04:49 102400]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 04:49 684032]
    "mouseElf"="C:\PROGRA~1\WIRELE~1\GNETMOUS.EXE" [2003-02-12 15:01 176128]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
    "adiras"="adiras.exe" []
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 09:32 114688]
    "Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 18:17 61440]
    "OdTray.exe"="C:\Program Files\Funk Software\Odyssey Client\OdTray.exe" [2004-07-02 17:45 970810]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 12:56 282624]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-14 21:49 249896]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
    odyEvent.dll 2006-02-25 13:41 106496 C:\WINDOWS\system32\odyEvent.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2004-03-21 17:20 186880 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-07-02 16:44]
    R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 19:16]
    S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
    S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-01-22 17:31]
    S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2003-04-11 12:40]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-06-17 19:49]

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-12 02:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
    - C:\Program Files\RegClean\RegClean.ex
    - C:\Program Files\RegClean.Amaury)Runs RegClean to optimize your registry.
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-16 00:32:43
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-16 0:34:30
    .
    2008-02-14 00:58:12 --- E O F ---

    Encore Merci!!
    0
  12. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    recherche et supprime
    C:\WINDOWS\system32\efcddaw.dll.vir

    faire un scan antivirus en ligne avec Internet explorer et accepter l'ActiveX
    poster le rapport ici ensuite
    https://www.bitdefender.fr/

    En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    Dans la nouvelle fenêtre, clique sur j’accepte
    La fenêtre change encore, clique sur scanner
    Les signatures se chargent, etc.

    tuto en image
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    0
  13. maracana
     
    Bonjour,

    Voici le dernier rapport de bitdefender, apparement il reste des trucs sur la base de registre:

    BitDefender Online Scanner - Rapport virus en temps réel

    Généré à: Sat, Feb 16, 2008 - 12:02:57

    --------------------------------------------------------------------------------

    Info d'analyse

    Fichiers scannés
    267710

    Infectés Fichiers
    3

    Virus Détectés

    Trojan.Vundo.Gen.2
    3

    --------------------------------------------------------------------------------

    Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
    0
  14. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    il me faut le rapport complet...
    0